Network Working Group C. Pelsser
Internet-Draft R. Bush
Intended status: Standards Track Internet Initiative Japan
Expires: April 14, 2014 K. Patel
Cisco Systems
P. Mohapatra
Cumulus Systems, Inc.
O. Maennel
Loughborough University
October 11, 2013
Making Route Flap Damping Usabledraft-ietf-idr-rfd-usable-04
Abstract
Route Flap Damping (RFD) was first proposed to reduce BGP churn in
routers. Unfortunately, RFD was found to severely penalize sites for
being well-connected because topological richness amplifies the
number of update messages exchanged. Many operators have turned RFD
off. Based on experimental measurement, this document recommends
adjusting a few RFD algorithmic constants and limits, to reduce the
high risks with RFD, with the result being damping a non-trivial
amount of long term churn without penalizing well-behaved prefixes'
normal convergence process.
Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are to
be interpreted as described in RFC 2119 [RFC2119] only when they
appear in all upper case. They may also appear in lower or mixed
case as English words, without normative meaning.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Pelsser, et al. Expires April 14, 2014 [Page 1]

Internet-Draft Making Route Flap Damping Usable October 2013
Route Flap Damping (RFD) was first proposed (see [ripe178] and
[RFC2439]) and subsequently implemented to reduce BGP churn in
routers. Unfortunately, RFD was found to severely penalize sites for
being well-connected because topological richness amplifies the
number of update messages exchanged, see [mao2002]. Subsequently,
many operators turned RFD off, see [ripe378]. Based on the
measurements of [pelsser2011], [ripe580] now recommends that RFD is
usable with some changes to the parameters. Based on the same
measurements, this document recommends adjusting a few RFD
algorithmic constants and limits, with the result being damping of a
non-trivial amount of long term churn without penalizing well-behaved
prefixes' normal convergence process.
Very few prefixes are responsible for a large amount of the BGP
messages received by a router, see [huston2006] and [pelsser2011].
For example, the measurements in [pelsser2011] showed that only 3% of
the prefixes were responsible for 36% percent of the BGP messages at
a router with real feeds from a Tier-1 and an Internet Exchange Point
during a one week experiment. Only these very frequently flapping
prefixes should be damped. The values recommended in Section 6
achieve this. Thus, RFD can be enabled, and some churn reduced.
The goal is to, with absolutely minimal change, ameliorate the danger
of current RFD implementations and use. It is not a panacea, nor is
it a deep and thorough approach to flap reduction.
3. RFD Parameters
The following RFD parameters are common to all implementations. Some
may be tuned by the operator, some not. There is currently no
consensus on a single set of default values.
+-------------------------+----------+-------+---------+
| Parameter | Tunable? | Cisco | Juniper |
+-------------------------+----------+-------+---------+
| Withdrawal | No | 1000 | 1000 |
| Re-Advertisement | No | 0 | 1000 |
| Attribute Change | No | 500 | 500 |
| Suppress Threshold | Yes | 2000 | 3000 |
| Half-Life (min) | Yes | 15 | 15 |
| Reuse Threshold | Yes | 750 | 750 |
| Max Suppress Time (min) | Yes | 60 | 60 |
+-------------------------+----------+-------+---------+
Default RFD Paramaters of Juniper and Cisco
Table 1
Pelsser, et al. Expires April 14, 2014 [Page 3]

Internet-Draft Making Route Flap Damping Usable October 20136. Recommendations
Use of the following values is recommended:
Router Maximum Penalty: The internal constant for the maximum
penalty value MUST be raised to at least 50,000.
Default Configurable Parameters: In order not to break existing
operational configurations, existing BGP implementations
including, the examples in Table 1, SHOULD NOT change their
default values.
Minimum Suppress Threshold: Operators wishing damping which is much
less destructive than current, but still somewhat aggressive
SHOULD configure the Suppress Threshold to no less than 6,000.
Conservative Suppress Threshold: Conservative operators SHOULD
configure the Suppress Threshold to no less than 12,000.
Calculate But Do Not Damp: Implementations MAY have a test mode
where the operator could see the results of a particular
configuration without actually damping any prefixes. This will
allow for fine tuning of parameters without losing reachability.
7. Security Considerations
It is well known that an attacker can generate false flapping to
cause a victim's prefix(es) to be damped.
As the recommendations merely change parameters to more conservative
values, there should be no increase in risk.
In fact, the parameter change to more conservative values should
slightly mitigate the false flap attack.
8. IANA Considerations
This document has no IANA Considerations.
9. Acknowledgments
Nate Kushman initiated this work some years ago. Ron Bonica, Seiichi
Kawamura, and Erik Muller contributed useful suggestions.
10. References10.1. Normative ReferencesPelsser, et al. Expires April 14, 2014 [Page 5]